
Top 3 Cyber Security Mistakes

When it comes to cybersecurity, we all talk about best practices and the right actions to take to ensure you and your business are protected. What we don’t talk about are the mistakes: more specifically, the actions people take assuming they’re best practices when, in reality, they’re far from it.

So, let’s discuss the top 3 cybersecurity mistakes you should avoid making.

1. Not Being Proactive

To think your business is too small or too isolated to be affected by a cyberattack can be a devastating miscalculation. From data breaches to ransomware attacks, 70% of SMBs who experience a cyberattack go out of business within a year. Being proactive when it comes to cybersecurity and your business is like going to the dentist for your annual check-up. Avoiding a check-up only leads to poor teeth, toothaches, and even various diseases. Similarly with cybersecurity, not being proactive can and will lead to serious problems down the road.

So, what does it mean to be proactive with security? Having multiple layers of security is a great start, as is having a written disaster recovery plan – providing you with a clear path to follow in case of a disaster (malware, theft, fire, flood, etc.). Furthermore, having documentation from the vendors of your hosted applications, detailing their security and recovery plan, is just as important. If they are ever challenged, you can confirm that your expectations for recovery line up with theirs. Finally, make sure you are having regular conversations and training with your employees, ensuring they understand the challenges and the part they play in protecting the work environment…and their livelihood.

2. Still Using Antivirus Software

Many organizations believe that antivirus software installed on workstations and servers is enough to protect them. The problem is that, even though antivirus software does provide a level of protection, it is fully reactive: it responds to a threat that has already entered your environment.

Instead, you need to be using endpoint detection and response (EDR). This baseline security tool has replaced antivirus. EDR uses machine learning (a form of AI) to detect cyberattacks—both known and unknown threats—within your environment and respond to those threats by preventing or containing any damage depending on the severity of the attack.

EDR is only one part of a security stack that companies should explore to make sure they are addressing the increasing security needs of today. So, what else is needed?

  • Firewall: Organizations of all sizes should have a dedicated, hardware-based firewall established in their environment. The purpose? To fully monitor traffic coming in and going out of your network. These devices have significant configuration options that allow certain sites or types of sites (e.g. gambling) to be blocked. In addition, you can dictate which countries are allowed to access your environment, and you can block countries that are known hacker hot spots. There are numerous other features you can manage to increase safety.
  • Third-Party Solutions: There is a large volume of third-party solutions to explore, such as OpenDNS, KnowBe4, CrowdStrike, dark web monitoring, password managers, and multi-factor authentication (MFA). These tools are useful to be aware of since the dollar investment may be very small and yet provide a high level of security.
  • Employee Training: Didn't we mention this in the last section? YES! When it comes to protecting your environment, this is probably the most neglected and forgotten tool. The technology you use (EDR, firewall, third-party solutions, etc.) covers only 50% of your total protection - the other 50% is your people and the actions they take! That said, both are of equal importance. Your employees need to know what the threats are, how to recognize them, and what to do if they suspect a risky email or possibly click on something they shouldn’t have. It is crucial that you have a clear policy supporting such training, with clear guidelines on possible disciplinary action if employees refuse to take the training or threats seriously.

3. Believing It Won’t Happen to You

Recent studies have shown that 54% of SMBs feel they are too small to be attacked while a whopping 43% of all cyberattacks are directed at SMBs. Why? SMBs fail to adequately protect themselves and take threats seriously. Hackers don’t rely on the “big score” to survive - they simply rely on access to compromise the environment. The work that it takes to score a $100,000 ransom is greatly reduced by scoring ten $10,000 or twenty $5,000 ransom payments. Except for a few instances, these threats are not focused: they simply cast a very large net and see what they catch. It is exceedingly important that you understand how your environment is structured to repel such attacks and how to plan for remediation should your efforts at protection fail.

VC3 makes technology easy. If you’d like to learn more about cybersecurity, or you simply need help in determining the optimal protection services for you, VC3 is here to help!
